I seem to be stuck at this one… Just to make sure, do you need to exploit/use multiple endpoints to get the shell?